URLhaus Database

You are currently viewing the URLhaus database entry for http://94.154.43.158/m68k.ghost which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry


ID:3877979
URL: http://94.154.43.158/m68k.ghost
URL Status:Offline
Host: 94.154.43.158
Date added:2026-06-29 14:05:30 UTC
Last online:2026-07-03 19:XX:XX UTC
Threat:Malware download Malware download
Reporter: abuse_ch
Abuse complaint sent (?): Yes (2026-06-29 14:06:19 UTC to abuse{at}pitline[dot]net,abusep{at}kharkiv[dot]com)
Takedown time:4 days, 5 hours, 14 minutes Bad (down since 2026-07-03 19:21:14 UTC)
Tags:elf gafgyt link ua-wget

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2026-07-03m68k.ghostelf 40fd96e5c870ccefd680bf559b7f72e7e994e3ccb4d0cb5d68836db41180bf64n/aGafgyt
2026-07-01m68k.ghostelf 4e48e68caaf658072f32f3c9ae9dab2f5c864703a61dc857f6a72f08fec387fdn/aGafgyt
2026-06-29m68k.ghostelf 876894a47b1c46f30a174e9d7b3e26e752c25666abc6b555343d09177540114an/aGafgyt
2026-06-29m68k.ghostelf 5b9562222836095e6f17078b52ca4e29263e1c974ed6c23d30bcc85a946bc1cdn/a